SapphireDb

Query - Authentication/Authorization

This page shows how to control whether a user may query the data of a collection using the [QueryAuth] attribute.

Usage

The [QueryAuth] attribute can be placed on the model class and/or on specific fields/properties of the model.

Every auth attribute can be used in three ways.
  1. Without parameters: the user only has to be authenticated.
  2. Policies: a comma-separated string of policy names. All listed policies have to succeed. Check out Policies for more details.
  3. Function name: you can optionally pass the name of a function in the model class that returns a boolean. The function is executed to decide whether the user is allowed to perform the action.
Multiple attributes: you can put several auth attributes of the same type on one model. Only one of their conditions has to succeed (they are combined with OR).
Inheritance: if you define auth attributes on a base class, all subclasses inherit them until a subclass defines its own attributes of the same type, which then replace the inherited ones.


Example - Only authenticated

This example shows the basic usage. When the attribute is used without parameters, the user only has to be authenticated to query the collection.

Angular (TypeScript):

```typescript
import { OnInit } from '@angular/core';
import { Observable } from 'rxjs';
import { SapphireDbService } from 'ng-sapphiredb';

export class QueryAuthComponent implements OnInit {
  values$: Observable<any>;

  constructor(private db: SapphireDbService) {}

  ngOnInit() {
    // The server only answers this query for an authenticated user (see Model.cs).
    this.values$ = this.db.collection('AuthDemo.RequiresAuthForQueryDemos').values();
  }
}
```

Server (Model.cs):

```csharp
// [QueryAuth] without parameters: any authenticated user may query the collection.
[QueryAuth]
public class RequiresAuthForQuery : Base
{
    public string Content { get; set; }
}
```

Example - Only admin

This example shows how to use policies to check whether the user is allowed to query.

Angular (TypeScript):

```typescript
import { OnInit } from '@angular/core';
import { Observable } from 'rxjs';
import { SapphireDbService } from 'ng-sapphiredb';

export class QueryAuthComponent implements OnInit {
  values$: Observable<any>;

  constructor(private db: SapphireDbService) {}

  ngOnInit() {
    // Only users satisfying the "requireAdmin" policy may query this collection.
    this.values$ = this.db.collection('AuthDemo.RequiresAdminForQueryDemos').values();
  }
}
```

Server (Model.cs):

```csharp
// The string parameter names one or more (comma-separated) authorization policies.
// All named policies must succeed.
[QueryAuth("requireAdmin")]
public class RequiresAdminForQuery : Base
{
    public string Content { get; set; }
}
```

Server (Startup.cs):

```csharp
public void ConfigureServices(IServiceCollection services)
{
    // Register the policy referenced by the attribute with ASP.NET Core authorization.
    services.AddAuthorization(config =>
    {
        config.AddPolicy("requireAdmin", b => b.RequireRole("admin"));
    });
}
```

Example - Custom function

This example shows how to define custom static functions that decide whether the user is allowed to query.

Angular (TypeScript):

```typescript
import { OnInit } from '@angular/core';
import { Observable } from 'rxjs';
import { SapphireDbService } from 'ng-sapphiredb';

export class QueryAuthComponent implements OnInit {
  values$: Observable<any>;

  constructor(private db: SapphireDbService) {}

  ngOnInit() {
    // The server runs CanQuery / CanQuery2 (see Model.cs) before answering.
    this.values$ = this.db.collection('AuthDemo.CustomFunctionForQueryDemos').values();
  }
}
```

Server (Model.cs):

```csharp
// Two attributes: the query is allowed if either CanQuery or CanQuery2 returns true.
[QueryAuth(functionName: "CanQuery")]
[QueryAuth(functionName: "CanQuery2")]
public class CustomFunctionForQuery : Base
{
    // Class-level checks run once per query, before any entry is loaded,
    // so they are static and can only look at the request, not at the data.
    public static bool CanQuery(HttpInformation httpInformation)
    {
        return httpInformation.User.IsInRole("admin");
    }

    public static bool CanQuery2(HttpInformation httpInformation)
    {
        return httpInformation.User.IsInRole("user");
    }

    public string Content { get; set; }
}
```

The function's parameters are resolved by dependency injection: SapphireDb passes an HttpInformation object with information about the request (including the authenticated User), and any further parameters are resolved from the DI container.

Example - Custom function per entry

This example is a bit special. The user is always allowed to issue the query, and the permission check is made for each entry instead. Every entry for which no check succeeds is omitted from the result rather than causing an error.

This example also demonstrates how to use multiple auth attributes. Each attribute defines a different condition, and an entry is returned if at least one of them succeeds.

Angular (TypeScript):

```typescript
import { OnInit } from '@angular/core';
import { Observable } from 'rxjs';
import { SapphireDbService } from 'ng-sapphiredb';

export class QueryAuthComponent implements OnInit {
  values$: Observable<any>;

  constructor(private db: SapphireDbService) {}

  ngOnInit() {
    // Entries that fail both per-entry checks are simply missing from values$.
    this.values$ = this.db.collection('CustomFunctionPerEntryForQueryDemos', 'AuthDemo').values();
  }
}
```

Server (Model.cs):

```csharp
// Per-entry checks are instance methods: they run for every entry and can use its data.
[QueryEntryAuth(functionName: "CanQuery")]
[QueryEntryAuth(functionName: "CanQuery2")]
public class CustomFunctionPerEntryForQuery : Base
{
    public bool CanQuery(HttpInformation httpInformation)
    {
        return Content == "Test 1";
    }

    // Must match the second attribute's functionName; a second method named
    // CanQuery would not compile.
    public bool CanQuery2(HttpInformation httpInformation)
    {
        return Content == "Test 2";
    }

    public string Content { get; set; }
}
```
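The following is an added example, not code from the SapphireDb documentation or project. It ties the rules from the Usage section together with the per-entry pattern shown above: a base class supplies a default [QueryAuth] that one subclass inherits and another overrides, and the inherited subclass uses two [QueryEntryAuth] attributes so that admins see every row while other users see only rows they own. The OwnerId property, the use of the NameIdentifier claim as the user id, the "requireAdmin" policy name and the model names are assumptions made for this example; the `Base` class and the attribute/HttpInformation names are those used on this page, and using directives for the SapphireDb namespaces are omitted.

```csharp
// Added example (not part of the SapphireDb docs). Assumptions: OwnerId holds the
// subject claim of the creating user, the identity provider issues that id as
// ClaimTypes.NameIdentifier, and a "requireAdmin" policy is registered below.
using System;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// Base class: subclasses inherit this [QueryAuth] (authenticated users only)
// until they declare a [QueryAuth] of their own.
[QueryAuth]
public abstract class OwnedEntity : Base
{
    public string OwnerId { get; set; }
}

// Declares no [QueryAuth] itself, so the inherited one applies: the caller must be
// authenticated. The two [QueryEntryAuth] attributes then filter row by row; only
// one of them has to succeed, so admins get all rows, everyone else only their own.
[QueryEntryAuth(functionName: "IsOwner")]
[QueryEntryAuth(functionName: "IsAdmin")]
public class Note : OwnedEntity
{
    public string Content { get; set; }

    public bool IsOwner(HttpInformation httpInformation)
    {
        string subject = httpInformation.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;

        // Reject rows with no owner instead of letting null == null match, and
        // compare ordinally so the check cannot be bypassed by case folding.
        return !string.IsNullOrEmpty(OwnerId)
            && string.Equals(OwnerId, subject, StringComparison.Ordinal);
    }

    public bool IsAdmin(HttpInformation httpInformation)
    {
        return httpInformation.User.IsInRole("admin");
    }
}

// Declares its own [QueryAuth], which replaces the inherited one: the whole
// collection is denied unless the "requireAdmin" policy passes.
[QueryAuth("requireAdmin")]
public class AuditEntry : OwnedEntity
{
    public string Action { get; set; }
}

// Policy registration, same shape as in the "Only admin" example.
public static class AuthorizationSetup
{
    public static void Configure(IServiceCollection services)
    {
        services.AddAuthorization(config =>
        {
            config.AddPolicy("requireAdmin", b => b.RequireRole("admin"));
        });
    }
}
```

Per-entry functions run once for every entry that the query produces, so keep them cheap and side-effect free, and remember that a failing check hides the row silently rather than failing the query; if a client must never even learn that a collection exists, use a class-level [QueryAuth] (as on AuditEntry) instead of, or in addition to, per-entry filtering.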

Example - Authorization for fields

This example shows how to apply authorization to individual fields. All three forms (no parameters, policy names, function name) work on properties exactly as they do on the class.

Angular (TypeScript):

```typescript
import { OnInit } from '@angular/core';
import { Observable } from 'rxjs';
import { SapphireDbService } from 'ng-sapphiredb';

export class QueryAuthComponent implements OnInit {
  values$: Observable<any>;

  constructor(private db: SapphireDbService) {}

  ngOnInit() {
    // The collection itself is open; which fields come back depends on the checks in Model.cs.
    this.values$ = this.db.collection('AuthDemo.QueryFieldDemos').values();
  }
}
```

Server (Model.cs):

```csharp
public class QueryFields : Base
{
    // Readable by any authenticated user.
    [QueryAuth]
    public string Content { get; set; }

    // Readable only if the "requireAdmin" policy succeeds.
    [QueryAuth("requireAdmin")]
    public string Content2 { get; set; }

    // Readable only if CanQuery returns true for this entry.
    [QueryAuth(functionName: "CanQuery")]
    public string Content3 { get; set; }

    // Field checks are evaluated per entry, so an instance method can inspect
    // the entry's other properties.
    private bool CanQuery()
    {
        return Content == "Test 1";
    }
}
```
